Notices by Soatok Dreamseeker (soatok@furry.engineer)

(If you don't get the reference, don't worry about it)

Age verification law destroyes the E2EE cryptosystem

#meta #instagram #facebook #surveillancecapitalism

This genuinely tickled me

https://youtube.com/shorts/0-3vCf-ZNq8

But it gets dumber: Someone apparently reported my comment as, uh, self-harm???

I know it's my own mistake for bothering with Reddit, but BlueAnon conspiracy theorists suck

https://old.reddit.com/r/MurderedByWords/comments/1rubv6a/it_was_staged_and_im_tired_of_pretending_it_wasnt/oam4mpu/?context=9

@0xabad1dea I hate this timeline

Your regular reminder that "the rich" aren't people who earn large paychecks. They are people with capital that generates returns: investments, property, company shares. "High income earners" are not an intrinsic enemy of "the working class" – many of them are a member of it!

During the coffee breaks and dinner conversations, everyone I talked to about these things echoed my frustrations.

In 2024, a speaker from Intuit spoke about their distributed key generation protocol. It involved multiplying a number by a hash. They did not elaborate on whether that's just a bigint operation or an elliptic curve group operation. @sophieschmieg was like, "Why would they do that? What if they set it to zero?" and the backchatter was full of "Why are the tax people rolling their own crypto?"

So, like, I'm not super worried about adtech rotting the RWC community.

Last thing: When I said "No" is a Privacy-Enhancing Technology, I didn't just mean an opt-out.

I mean the engineers growing a fucking spine and telling their boss, "No, we shouldn't collect this data."

At an earlier track, one of the invited speakers suggested using Fully Homomorphic Encryption to allow folks to have private conversations with an AI chatbot for therapy.

My mind was instantly filled with news stories of OpenAI and self-harm. Lawsuits from grieving families.

Are they deeply out of touch?

Or was it just "hmm, what do people want privacy for? I'll just throw a bunch of hypothetical examples of things FHE would be good for without interrogating them deeply"?

I'm not sharing this to shit on anyone at #RWC2026. My favorite people in tech are often found there, and the organizers put a lot of thought, effort, and care into making the vibe good.

I also don't ascribe any malice to the speakers. They probably didn't think to ask these questions, and didn't think to put them in their slide deck. Maybe they've self-selected into an environment that doesn't foster that kind of inquiry. Maybe they considered it but cut it out for time.

But if we're going to talk about this sort of thing,, we need to actually address these questions, even if there isn't a comfortable answer.

"No" is a better privacy-enhancing technology than the state-of-the-art differential privacy techniques.

It's efficient! Not collecting data requires at most O(1) bandwidth, O(1) storage, and O(1) compute.

"No" is not "Maybe later".

"No" is not "Ask me again in 3 days".

"No" is not "Maybe after a few more beers", since many of the people that need to hear the first part of his message likely also needs the second.

Here's a privacy-enhancing technology for you to consider:

"No."

You don't need to know. You don't need to measure. The efficacy of an advertising campaigns, market segmentation, and relevance targeting should be minimized for the good of humanity.

At #RealWorldCrypto this year, there was a session on "privacy-enhancing technologies".

The first talk in the session was about a new encryption method for Tor.

The next two were painful examples of "a person cannot be convinced of something when their salary depends on them not knowing it".

Advertisers wants to collect signals about populations without being individually identifying. So let's talk about differential privacy techniques to let them do that.

One example was "Meta wants to know what percentage of its teneage users blocked a contact today".

At no point did they address the elephants in the room.

• Why do they want this data in the first place?
• What are they even doing with this signal?
• Have you considered telling them to fuck off and not collect it in the first place?

As tempting as it might be to hand wave it and say "well yes but their business model depends on it" to which I say "then perish".

@mttaggart Do not let perfect stand in the way of good.

@fanf42 Hmm.

I don't recall how much I've told you about this, but care to take a guess how many people scream at me because "Signal is centralized" only for them to go on using PGP for emails?

And yet, here, Signal would had no information to turn over to the authorities. But "hosted in Switzerland" is somehow better??

Hobbyist privacy nerds that don't have a coherent threat model or deep understadning of cryptography and security call me a "shill" these days for pointing this sort of thing out, which is really annoying.

@csepp @ww Devil's in the details. I'll write more when I'm done with this crazy travel itinerary!

@ww Wait until you hear about my Fedipurse idea lol

@chandlerc I'm working on a proposal, but I need to finish writing my draft spec before I even begin telling anyone about it in any detail

@ww I like zcash, have mixed feelings on ring signatures